INFORMATION SECURITY POLICY

The Management System according to the requirements of the ISO 27001 standards, is applicable for the scope:

INFORMATION SECURITY MANAGEMENT SYSTEMS THAT PROVIDE SUPPORT TO;

Automated document processing services through the development of AI, for the transformation of the conventional Backoffice into an automatic one; BPO Services;
Content creation and management;
Business Intelligence projects;
Preparation of services tailored to the client’s processes.

ACCORDING TO THE DECLARATION OF CURRENT APPLICABILITY

In addition, our INFORMATION SECURITY MANAGEMENT POLICY establishes that SERIMAG:

It has the COMMITMENT to provide and maintain the highest levels of service quality, generating the maximum possible information security guarantees.

Its PURPOSE is to be an organization oriented towards process management and risk analysis, to ensure their control and improvement, the integration of our staff in their development and compliance with the commitment to quality and information security, through in order to seek the maximum satisfaction of our clients, as well as to be a reference for the sectors and activities;

All of this is based on the development of people, their personal fulfillment and the sense of belonging to the organization, the best adaptation and optimization of resources and management by processes and risk analysis, as essential elements to achieve CONTINUOUS IMPROVEMENT.

Aware of the need to have internationally recognized Standardized Systems, the organization has aligned its Information Security Management System to the ISO 27001 standard.
For this reason, the Management undertakes to lead and maintain an Information Management System in the organization based on continuous improvement and the following guidelines:

The serious commitment to know the needs and expectations of our customers and other interested parties, to achieve their satisfaction, and continuous improvement, establishing and verifying compliance with the established objectives on a regular basis.

The commitment to comply with the applicable legislation and regulations, as well as the requirements that are subscribed.
Ensure the security of our own information and that of our clients. Our activity implies the treatment of varied information as a way of executing basic processes of its activity. Knowing that information systems, applications, communications infrastructures, files and databases constitute an important asset of the company, management prioritizes the confidentiality, integrity and availability of information when defining and delimiting the objectives and responsibilities for the various technical and organizational actions and monitors compliance with the legal framework, specific directives and policies and defined procedures.
The commitment to the continuous review of competencies and continuous improvement, in order to guarantee the quality of the services and their ability to face the growing challenges that our clients pose to us.

All our staff accept the commitment to continuous improvement of the services, of the auxiliary processes of the company and to develop a conduct in responsible information security, within the different jobs.

General Directorate

March 23, version nº01